Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats //

Insider Threats

Turnkey Linux Intros Amazon S3 Powered Backup

Open source facility also acts as a migration mechanism to quickly move or copy fully working systems in the cloud.




Slideshow: Amazon's Case For Enterprise Cloud Computing
(click for larger image and for full photo gallery)
TurnKey Linux Wednesday released a smart, fully automated open source-based backup and restore facility powered by the Amazon Simple Storage Service (S3) cloud.

TurnKey Linux Backup and Migration (TKLBAM) is based on Ubuntu 8.04.3, was designed to add flexibility to cloud computing, and requires no configuration, according to the Tel Aviv-based developer. The solution delivers speed, intelligence, and automation to migration in the cloud, as well as backup and restore functions, said Liraz Siri, company co-founder.

The solution knows what to back up and not back up to create encrypted archives of changes to files, databases, package management state, and even users and groups, he said. In addition, TKLBAM acts as a migration mechanism to move or copy fully working systems within minutes, Siri said.

"It would be so easy you would, shockingly enough, actually test your backups. No more excuses. As frequently as you know you should be, avoiding unpleasant surprises at the worst possible timing," he said.

Businesses can easily migrate to Ubuntu Lucid from Ubuntu Hardy; to a cloud server from a local deployment; to any virtual private server from a cloud server; to bare metal from a virtual machine; to Debian from Ubuntu; and to 64-bit from 32-bit, according to TurnKey Linux. To accomplish this, TKLBAM is a vertically integrated backup solution with system-level awareness, and knows which configuration files have been changed and which remain untouched since installation. The technology leverages the package-management system to get the appropriate system binaries from package repositories, a process that prevents the waste of backup space, the company said.

"[The tool protects] you from all the small paper-cuts that conspire to make restoring an ad-hoc backup such a nightmare," said Siri. "It would transparently handle technical stuff you'd rather not think about like fixing ownership and permission issues in the restored file system after merging users and groups from the backed up system."

To address security concerns, TKLBAM lets administrators use strong cryptographic passphrase protection -- including countermeasures against dictionary attacks -- for their encryption key, but also allows administrators to create an escrow key in the case of password loss. Since not all information requires such security, the tool enables key management tasks to happen transparently, according to TurnKey Linux.

AES encrypted backup volumes automatically are uploaded to the closest cost-effective, durable cloud storage. These cloud storage systems are designed to deliver 99.999999999% uptime, the company said.

"We took our ideal and we made it work. In fact, we've been experimenting with increasingly sophisticated prototypes for a few months now, privately eating our own dog food, working out the kinks. This stuff is complex so there may be a few rough spots left, but the foundation should be stable by now," Siri said.

In the future, TKLBAM will support PostgreSQL, LAPP, and OpenBravo; currently, it only supports MySQL. Other developments on the horizon include built-in integration of TKLBAM into all TurnKey appliances, and a custom webmin module for TKLBAM, according to TurnKey Linux.

A video of the system in action is available on YouTube.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
The Cold Truth about Cyber Insurance
Chris Kennedy, CISO & VP Customer Success, AttackIQ,  11/7/2019
Black Hat Q&A: Hacking a '90s Sports Car
Black Hat Staff, ,  11/7/2019
The State of Email Security and Protection
Mike Flouton, Vice President of Email Security at Barracuda Networks,  11/5/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of Ransomware
The State of Ransomware
Ransomware has become one of the most prevalent new cybersecurity threats faced by today's enterprises. This new report from Dark Reading includes feedback from IT and IT security professionals about their organization's ransomware experiences, defense plans, and malware challenges. Find out what they had to say!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-18881
PUBLISHED: 2019-11-12
WSO2 IS as Key Manager 5.7.0 allows unauthenticated reflected XSS in the dashboard user profile.
CVE-2019-18882
PUBLISHED: 2019-11-12
WSO2 IS as Key Manager 5.7.0 allows stored XSS in download-userinfo.jag because Content-Type is mishandled.
CVE-2019-18873
PUBLISHED: 2019-11-12
FUDForum 3.0.9 is vulnerable to Stored XSS via the User-Agent HTTP header. This may result in remote code execution. An attacker can use a user account to fully compromise the system via a GET request. When the admin visits user information under "User Manager" in the control panel, the pa...
CVE-2019-18874
PUBLISHED: 2019-11-12
psutil (aka python-psutil) through 5.6.5 can have a double free. This occurs because of refcount mishandling within a while or for loop that converts system data into a Python object.
CVE-2019-18862
PUBLISHED: 2019-11-11
maidag in GNU Mailutils before 3.8 is installed setuid and allows local privilege escalation in the url mode.